Nearly all access control mechanisms for managing physical “points of service” or other physical resource access control methods and apparatus operate only within the scope and confines of a single building, organization, or enterprise. For commercial access management, this restriction is usually not material with respect to the usefulness of the access control mechanisms.
For a consumer population, however, this restriction results in the need for having multiple types of tokens, each of which operates at only a single facility or institution. This is somewhat similar to how consumers access online resources. Whereas one individual may have dozens of user names and passwords to access online resources, such as e-mail accounts, bank accounts, brokerage accounts, shopping websites, etc., the individual may also have multiple different physical access mechanisms through which he or she can access physical resources, such as a key to a house, a card for a parking facility, a fob for an employer's building, a combination for a storage locker, etc. The proliferation of these different physical mechanisms (e.g., tokens) and the difficulty of managing them uniformly is inconvenient for the consumer, and weakens the security mechanisms put in place for the facilities under management. Furthermore, there is no practical means of linking the individual identity assumed by the consumer at each institution with the identities asserted at the others. An additional complication is that a variety of token technologies make it extremely difficult to have continuity of identity across multiple facilities or physical points of service.
Heterogeneous credential management, tokenization, and physical token exchange mechanisms (e.g., readers, scanners, keypads) are therefore the central challenges for establishing a widely usable access management solution with continuity of identity across multiple contexts. There is currently no solution that permits a user to present the same identity for physical access control in connection with different points of service, wherein the different points of service require different physical tokens in order to gain access control through the appropriate authentication apparatus present at each point of service.
Further, while there are existing systems for managing access to physical resources with a centrally managed identity provider, most of these are either cost prohibitive for consumer applications or are constrained to operate only for a subset of the public (e.g., government employee, corporate employees). A system that allows individuals to manage multiple credentials or tokens for multiple physical resources in their private life and commercial interactions using a single electronic identity is highly desirable.